How do I determine what a given AWS Security Group is associated with?

Question

The AWS EC2 Security Groups documentation mentions that "Security groups for EC2-VPC have additional capabilities that aren't supported by security groups for EC2-Classic" but the Security Groups dashboard does not provide any information on the "capabilities" of attributes of Security Groups that allow me to distinguish what kind of Security Group I'm looking at or what it is attached to, so that, for example I can't figure out whether I can consolidate Security Groups and share them across EC2 instances (for easier management):

1. How do I determine whether a given Security Group is appropriate for a given instance?
2. How do I determine whether what instances a Security Group is associated with (I see how to do the inverse in the Instances console)?

Answer 1

To find all instances associated with security group My-SG, use the following AWS CLI command:

aws ec2 describe-instances --filters "Name=instance.group-name,Values=My-SG" --query 'Reservations[*].Instances[*].[Tags[?Key==`Name`].Value]' --output text